Security News > 2020 > December > Global Espionage Campaign Used Software Supply Chain Hack To Compromise Targets, Including US Gov

Incident response teams are scrambling as after details emerged late Sunday of a sophisticated espionage campaign leveraging a software supply chain attack that allowed hackers to compromise numerous public and private organizations around the world.

Among victims are multiple US government agencies, including the Treasury and Commerce departments, and cybersecurity giant FireEye, which stunned the industry last week when it revealed that attackers gained access to its Red Team tools.

The connection was made through a blog post published on Sunday, where FireEye described a widespread attack campaign that is exploiting SolarWinds' Orion IT monitoring software.

FireEye said the attackers, which it tracks as UNC2452, have leveraged trojanized Orion updates in an effort to deliver a backdoor identified by the company as SUNBURST. In at least one case, the hackers also delivered a previously unknown memory-only dropper named TEARDROP, which in turn attempted to deploy a custom version of Cobalt Strike's Beacon payload. FireEye said it observed multiple victims, including government, technology, consulting, extractive and telecom organizations in North America, Europe, the Middle East and Asia.

The company has notified victims and it has made available indicators of compromise to help organizations detect potential attacks and conduct investigations.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/0UDgQBpWHGs/global-espionage-campaign-used-software-supply-chain-hack-compromise-targets-including-us-gov